        Security Advisories

        AUTHENTICATION FAILURE IN TSW‑x60
        11/14/17
        Threat:
        By definition, devices that do not have authentication enabled are not affected
        Identifier:
        N/A
        How is Crestron Affected:

        Crestron is aware of a flaw in the authentication model of the following products:

        TSW-560, TSW-560P, TSW-760, TSW-1060, TSW-560-NC, TSW-760-NC, TSW-1060-NC running the following versions: 1.002.0016.001, 1.002.0028.001, 1.003.0052.001.

        A hacker can gain access to the device configuration pages using invalid credentials. Note that the vulnerability only allows access to the configuration of the device, which could render the device inoperable or inaccessible.

        Crestron has posted an updated version of the firmware to address this problem:

        • If you are running version 1.002.0016 or 1.002.0028, please update to version 1.002.0029.
        • If you are running version 1.003.0052, please update to version 1.003.0054.

        If you previously disabled the webserver to mitigate this issue, you may re-enable it using the command WEBSERVER ON, followed by a REBOOT.

        Resources:
        BLUEBORNE
        10/26/17
        Threat:
        It has been reported that a new attack vector called BlueBorne can potentially affect all devices with Bluetooth capabilities running major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux. By spreading through the air, BlueBorne targets the weakest spot in the networks' defense – and the only one that no security measure protects.
        Identifier:
        N/A
        How is Crestron Affected:

        The only Crestron device that currently exposes a Bluetooth interface is the Crestron Mercury Tabletop Conference System.

        Mercury uses a Bluetooth module which incorporates a proprietary operating system (not Android, iOS, Windows or Linux) and therefore is not susceptible to the BlueBorne attack. Furthermore, all Bluetooth profiles are kept inactive during normal operation of the device, requiring explicit user intervention to enable pairing with and/or discovery of the device. As such, Mercury is not vulnerable to the BlueBorne attack vector.

        WANNACRY
        05/18/17
        Threat:

        There are several vulnerabilities in Microsoft's implementation of SMBv1 on Windows. Microsoft addressed these in Microsoft Security Bulletin MS17-010 in March 2017. This bulletin refers to the following CVE identifiers: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, and CVE-2017-0148.

        The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. SMB is a protocol mainly used for providing shared access to files and devices between nodes on a network.

        Identifier:
        N/A
        How is Crestron Affected:

        Platforms not affected

        Products running Windows CE 6 and Windows Embedded Compact 7 are not affected by the WannaCry malware package.

        PRO3, CP3, CP3N, AV3, DMPS 3-Series (all models), DM-64X64, DM-128X128, RMC3, DIN-AP3, TSW-550, TSW-750, TSW-1050, TSM-730

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
        • The SMB file server is not enabled and so they are not vulnerable to the original ETERNALBLUE exploit.
        • NOTE: It is not clear that the vulnerability exists in the Embedded Compact SMB implementation in the first place but as noted it is disabled anyway.

        TPMC-4SM, TPMC-9, TST-600

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
        • The SMB ports are open but there is no notice of this implementation being vulnerable to the original ETERNALBLUE exploit.

        MC3, TPCS-4SM

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.

        Platforms potentially affected

        Crestron also has devices using XP Embedded and Windows Embedded Standard 7.

        DGE-2, DGE-1, TPMC-V12, TPMC-V15

        • These products have the SMB ports closed by default and so are not vulnerable under normal installation.
        • In the event the device does become infected, a reboot will clean it up.
        • Please install the following updated service pack which includes Microsoft KB4012598:
          • DGE-1 Use dge-1-osp_1.1.10.zip or higher
          • DGE-2 Use dge-2_1.01.10.puf or higher
          • TPMC-V12/15 Use tpmc-v12_tpmc-v15_1.01.008.puf or higher

        TPMC-8X-GA

        • NOTE: This product has SMB ports open by default and should be considered at risk.
        • In the event the device does become infected, a reboot will clean it up.
        • Please install the following updated service pack which includes Microsoft KB4012598:
          • TPMC-8X-GA Use tpmc-8x-ga-osp_1.1.10.zip or higher.

        TPMC-8X, TPMC-8L

        • NOTE: This product has SMB ports open by default and should be considered at risk.
        • In the event the device does become infected, a reboot will clean it up.
        • Please install the following updated service pack which forces the SMB ports closed regardless of any other settings:
          • Upgrade firmware to version 2.00.02.219 or above. 2.00.02.221 is the latest release at this writing.
          • Install new service pack tpmc-8x-tpmc-8l-firewall_1.0.0.zip.
          • Ensure firewall is enabled using the console command: FIREWALL

        ADMS, ADMS-BR, ADMS-G2

        These products have the SMB ports closed by default and so are not vulnerable under default installation. If file sharing options are enabled the device should be considered at risk.

        Crestron RL (Version 1 and 2)

        • Crestron RL products do not allow arbitrary applications to be executed and so are not vulnerable.
        • These products have the SMB ports closed by default and so are not vulnerable under normal installation.
        • Notwithstanding these protections, Microsoft has provided a security update for Crestron RL products – https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Skype-for-Business-15-15-9-Security-Update-for-Crestron-RL/ba-p/70432
        • This has been posted in CCS-UC-200 ver. 15.15.09 and CCS-UC-100 ver. 15.15.09

        CEN-FUSION-SERVER-R330, CEN-FUSION-RVS-R310, CEN-FUSION-R320, CEN-RVS-R210, CEN-RVS-R320

        Please follow Microsoft guidance for Windows Server Products: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

        NOTE: No other current Crestron products have been found to be affected by the WannaCry malware.

        SSL 3.0 PROTOCOL VULNERABILITY
        06/30/16
        Threat:

        As per TA14-290A, all systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

        Later, this vulnerability was extended to certain TLS 1.0 and TLS 1.1 implementations.

        Identifier:
        N/A
        How is Crestron Affected:
        1. The most likely exploitation is via web browsers and servers, which is not a common use case on Crestron equipment. In addition, the exploitation is most commonly implemented as a Man-in-the-Middle attack, which is also less likely given the way most Crestron systems are put together.
        2. Crestron has deprecated support for SSL 3.0 and relies only on TLS, which does not have this vulnerability. The console command "SSL" supports the following options: TLSSSL, TLSONLY, TLS1.2ONLY.
        3. Crestron implements the protocol extension TLS_FALLBACK_SCSV, which prevents MITM attackers from being able to force a protocol downgrade.
        4. Crestron's implementation of TLS 1.0 and TLS 1.1 was proven not to expose this vulnerability using the Qualys SSL Labs SSL Server test.
        FLASH
        07/08/15
        Threat:
        As per CVE-2015-5119, a use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
        Identifier:
        N/A
        How is Crestron Affected:

        All shipping products were reviewed and the following notes are applicable:

        1. The Smart Graphics installation package contains an affected version of the Adobe Flash Player for Internet Explorer. This will be updated in the next release. In the meantime, users may update their own systems via the normal means. This only affects developers' own systems and no Crestron products.
        2. The following products support an embedded browser control which supports Flash: DGE-1, DGE-2, TPMC-8X, TPMC-8X-GA, TPMC-V12, TPMC-V15. However, the version of Flash installed on these products is not a version affected. In addition, if the user project on the system does not support browsing to arbitrary sites, the systems are not affected. Note that this does not affect Smart Graphics projects.
        GNU GLIBC BUFFER OVERFLOW IN DNS RESOLVER
        03/05/15
        Threat:
        According to a Google security blog post, and documented in CVE-2015-7547, the glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. All versions from 2.9 (originally released November 2008) to 2.22 appear to be affected.
        Identifier:
        N/A
        How is Crestron Affected:
        All shipping products were reviewed and no shipping products are affected by this report.
        GHOST
        02/05/15
        Threat:
        As per CVE-2015-0235: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
        Identifier:
        N/A
        How is Crestron Affected:

        CVE-2015-0235 is a vulnerability that really doesn’t apply to Crestron’s products, as it requires a custom-written program to run on the device to exploit this vulnerability; none of our devices really have this capability.

        However, we have looked through our products, and where applicable, have patched the libraries affected:

        The PRO3/AV3/CP3N’s router firmware has been patched, and will be available by next month.

        The ATC-AUDIONET is the only other product with libraries that have this vulnerability; at the moment, a firmware upgrade is not scheduled to resolve this, mostly due to the fact that the unit is unable to run custom code.

        HEARTBLEED
        12/29/14
        Threat:

        There is a severe vulnerability in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). This is a serious vulnerability which has been assigned the CVE identifier CVE-2014-0160.

        Exploitation may lead to disclosure of memory contents from the server to the client and from the client to the server. An attacker can remotely retrieve sensitive data from memory, including, but not limited to secret keys used for SSL encryption and authentication tokens.

        Identifier:
        N/A
        How is Crestron Affected:

        Crestron has carefully examined the versions of OpenSSL used in its product line. With the exception of the following three, none of Crestron's devices, software, web sites or tools have been determined to have this vulnerability.

        Crestron has incorporated a fix into firmware v1.1.1 which was released on March 10, 2015.

        1. Crestron App for iOS (Current Released Version)
          • Crestron has incorporated a fix into v1.02.42 which was released on May 28, 2014.
          • It should be noted that this application will only use SSL in connection to a Crestron Control System. To take advantage of this vulnerability in versions prior to v1.02.42, an attacker would need to coerce an end user to change application connection settings to connect to another non-control system device which was specifically coded to retrieve this data.
        2. Crestron Mobile and Crestron Mobile Pro for Android (running on Android 4.1.1 ONLY)
          • Crestron uses the built-in Android services. Customers with devices running Android 4.1.1 are urged to check with their carrier or device manufacturer for updates.
          • It should be noted that this application will only use SSL in connection to a Crestron Control System. To take advantage of this vulnerability in versions prior to v1.02.42, an attacker would need to coerce an end user to change application connection settings to connect to another non-control system device which was specifically coded to retrieve this data.
        3. Crestron AM-100 AirMedia™ Presentation Gateway
        SCHANNEL
        11/20/14
        Threat:

        Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."

        As per CVE-2014-6332, OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability" or WinShock.

        Identifier:
        N/A
        How is Crestron Affected:

        All shipping products were reviewed and the following notes are applicable:

        1. While Crestron 3-Series processors do use Windows Embedded operating systems, the kernel itself is different and it is not immediately clear if the same deficiency is present. We are working with Microsoft to make this determination. The Web Server in these processors does use SChannel for authentication if SSL is enabled. However, in most installations SSL is not enabled. This is further mitigated by the fact that there is no scripting support provided on the 3-Series web server, and so exploitation would be more difficult.
        2. Crestron is working with Microsoft regarding an update to Crestron RL. However, as this is an embedded system with code protection enabled, it is not clear the vulnerability is exploitable.
        3. Crestron is working with Microsoft regarding an update to the TPMC-V12, TPMC-V15, DGE-1. However, as this is an embedded system with code protection enabled, it is not clear the vulnerability is exploitable.
        4. Customers running Fusion are urged to make sure to apply Windows updates.